Your “Updates” tab (Dashboard >> Updates) shows a red-encircled 6 to show the 4 plugins and 1 theme that you haven’t updated. And there is a new version of WordPress. Why are there all these updates all the time? No, they aren’t just to annoy you, and they should not be ignored.
Often hackers find, and exploit, security holes in code. In an open source platform like WordPress, where the code is available for all to see and scrutinize, they are easier to find. When the WordPress Security Team verifies a vulnerability report they contact the plugin author and instruct them on how to release a secure version with a security patch. When you don’t update with that patch, your website remains vulnerable — and the hackers know it. WordPress version updates and plugin updates often include these vital security patches.
Another major reason that updates are released is to spread the joy of new features. These might be visual enhancements, or they might be bringing the plugin up to new standards. For example, the latest release of the Yoast SEO Plugin, Version 7.3.3 released on July 2, 2018 fixes text directionality for the title and description fields in the snippet editor for right-to-left languages. This is helpful if you run a website in Hebrew or Arabic! Additionally, some of the more recent version update made editing site and post meta data much more user friendly. You can now reorder Title, Name of Site, Separator and Site Title with a drag-and-drop interface. This is a major improvement over cumbersome shortcodes like %%page%%.
In order for everything to run smoothly, your plugins have to work with each other and the WordPress core files. When you’re working with a bunch of third party products, this can be easier said than done. An easy example to explore is WooCommerce, a leading e-commerce plugin for WordPress. This free plugin turns your basic WordPress site into a store, by adding the shopping cart, store, product and checkout pages. The folks at WooCommerce offer dozens of extensions that add capabilities like additional payment gateways, help-desk live chat, and more. Some are free and some are paid. Additionally, many third-party providers sell their own WooCommerce extensions. When WooCommerce releases an update to their store plugin, some of these changes may affect how the other plugins perform. The developers of affected plugins need to release their own update in order to keep things running smoothly.
Note: Before downloading a plugin, one of the things to check is if it has been updated recently and if it is compatible with the latest version of WordPress and any relevant plugins.
About Version Numbers
Most plugins use semantic versioning, where in a version number like 1.1.2, it translates to MAJOR.MINOR.PATCH. Most updates are patches, where you make backwards-compatible bug fixes, or small updates that will work also with older versions of the plugin. Minor updates generally include new functions. Major versions may introduce really new features that are not backwards compatible and are the most likely to cause problems with your current content, theme, or other plugins.
As a general rule of thumb, we recommend holding off on updates of major releases for 2-4 weeks, until all of the bugs are worked out. For instance, rather than updating from WordPress 4.9.9 to WordPress 5.0, which was a major release, we waited on a lot of sites until WordPress 5.0.1 or 5.0.2 was released, with several bug patches. Let other people be the guinea pigs and deal with all the glitches!
For smaller releases like minor updates and patches, usually waiting 2-7 days suffices. That said, always test out updates on a staging site and implement them on the live site after making a backup!
A Few More Notes About Updates
Plugins and themes available from the wordpress.org repository offer automatic updates. WordPress does this as well for its core software. This means that you’ll be able to execute many plugin updates and WordPress version updates with a click and “update now”. If you have plugins or themes from third-party sources like ThemeForest, you usually have to manually update them. However, sometimes these third-parties have built in the ability to update via the Dashboard.
If you aren’t afraid to open your website files, you can set up automatic updates for the WordPress core files by editing wp-config.php. There are three types of updates to the WordPress core. Core development updates that are brand new and therefore a bit riskier are known as “bleeding edge” updates. For these kinds of updates, the average user should wait until the release has been out for a few days before updating. Minor core updates, such as security patches and translations are another kind of update that are frequently released. Lastly, major core release updates, such as the upcoming release of 5.0 usually bring with them new features.
You can decide to make all or just some of these updates update automatically. Some hosting providers also automatically update WordPress minor releases as part of their service.
WordPress core, plugin and theme updates are critical for the security and optimum performance of your website. However, please exercise some caution. Just as not updating your plugins leaves you vulnerable to hackers and incompatibilities, sometimes updates can also introduce their own problems. Perform backups before executing updates in order to roll back to a stable version of the site without losing data. An experienced WordPress professional can help you navigate these plugin and WordPress version updates with minimal risk. IRG Websites offers two plans for WordPress website maintenance, including these critical updates.